Video Description

This lesson opens with the reasons for software insecurity. Software insecurity can be attributed to the following reasons: • Lack of training • Lack of funding • No prioritization of security • Security as an afterthought There are a number of vulnerability databases which are great resources the address the issue of software insecurity, they include: • Open Web Application Security Project Top 10 (OWASP) • Common Vulnerabilities and Exposure (CVE) • Common Weakness Enumeration (CWE) • National Vulnerability Database (NVD) • Computer Emergency Response Team Vulnerability Database (US CERT) This lesson specifically focuses on OWASP 1 through 5. OWASP is an international organization with the goal of raising awareness and stress the need for security in web based applications. The top 5 are: • Injection • Broken authentication and session management • Cross site scripting (XSS) • Insecure direct object references • Security misconfiguration

Course Modules

ISC2 Certified Cloud Security Professional (CCSP)